I'm trying out the latest beta from the Neoava Guard site. I like it very much but I am finding it difficult to protect processes from termination. Is there some sort of help file I could read? I've been to the forums but they don't seem to be much help, as NG is still in beta.

Applications > right-click the application/group and mark it as secured. It will give that application termination protection. However, your trusted applications will be allowed to terminate a secured application. A good balance of security and usability.

lol, I am fed up with upgrading each and every application. See how it goes: I have to download the new updated versions, followed by uninstalling the older version, leaving behind some traces etc. Then I have to install the new version. If there is a major change in an application, I have to update its rules in my HIPS as well.

All this practice is a big hassle. I have stopped updating my software, including Windows updates. I just update my security software. I guess everything on my system is locked down. I have no confidential data on my system. No banking, credit card etc. on the web. All my browsers run in GesWall. My main browser is Opera with Java turned off, JS enabled for selected sites, cookies denied except for some sites. I try to keep just Opera updated. I am a safe surfer too. Outlook is not allowed to run on my system. Almost no executable can run without a popup.

I don't claim that it's correct but I am very well satisfied with this practice and I feel as secure as others can be.

Okay. I think I have that rule set up correctly. Is there any way I could test whether the termination rules are working correctly? It does seem to be better than SSM Pro in a lot of ways. It is very customizable but it would be nice if there was a way to export and import settings so that I don't have to redo everything when the next beta build comes out.

I'm very disappointed, looks like NG will be dead for the coming months, and this means that none of the bugs will be fixed, and no new features will be added anytime soon, really sad, because it was IMO one of the best HIPS when it came to protection. The GUI could and should be a lot better, so for now I have dumped NG.

As a true HIPS freak I'm a bit sad, because I was still looking for a better HIPS than SSM Pro, but now NG is dead, and ProSecurity/Comodo Firewall are no options for me. Yes they are quite powerful, but not user friendly IMO.

Btw, I had some stability/freezing problems on my real machine, so that's why I removed NG, and the GUI also annoyed me a bit. It does have a lot of potential but it's just not good enough at the moment. Same goes for Pro Security and Comodo Firewall, so for now it looks like I'm stuck with SSM, which also needs to be improved a lot, but seems to be pretty "dead".

Yes, could be some conflict, but NG also gives a warning upon install that you shouldn't install it on systems with modified .exe files? Do you know what that exactly means?

Btw, I decided to look how NG behaved on a clean system, so I installed it on my PC at work (I'm admin), of course I tried to configure it the best way possible to avoid any issues (only other security app on this machine was McAfee Active Virus Enterprise) but even on this "clean" machine it didn't work correctly, it froze my PC and after that it wouldn't even boot anymore.

So I can't really recommend this app to anyone, seems to be full of bugs, configuration options are also not always remembered. I did get to see two interesting alerts, one about Maxthon trying to log keystrokes (quite strange), and one alert about "remote shell execution", not surprising on a corporate machine. But too bad that NG is not stable, it should have just worked! For example, I didn't have any problems with Mamutu or SSM at all.

Yes, could be some conflict, but NG also gives a warning upon install that you shouldn't install it on systems with modified .exe files? Do you know what that exactly means?

No, I don't.

Rasheed187 said:

Btw, I decided to look how NG behaved on a clean system, so I installed it on my PC at work (I'm admin), of course I tried to configure it the best way possible to avoid any issues (only other security app on this machine was McAfee Active Virus Enterprise) but even on this "clean" machine it didn't work correctly, it froze my PC and after that it wouldn't even boot anymore.
So I can't really recommend this app to anyone, seems to be full of bugs, configuration options are also not always remembered.

During the config wizard, did you mark McAfee as trusted, and did you also allow NG to mark system files as trusted (default NG behaviour)?

Yes, you should not recommend NG to anyone except someone who can play with a beta (with some definite bugs/problems).

Rasheed187 said:

I did get to see two interesting alerts, one about Maxthon trying to log keystrokes (quite strange)

It's a common alert and I get these alerts from EQSecure and NG both. I guess these are from GetKeyState and GetAsyncKeyState used somehow by some programs. ThreatFire also gives such alerts.

BTW I always had a hard time installing NG and getting NG's GUI on reboot, but once it's done after a couple of power resets etc., it's working OK. No major glitches. I am using it with EQS and GesWall with Antivir on-demand.

1- Detection of making an exact copy of itself (this feature catches most, if not all, worms even after their execution).
2- Overwriting executables
3- Deleting files rapidly
4- Creating executables
5- Sandboxing/dropping the rights feature (child executables created by the browser are treated as untrusted)
6- Reading Windows address book
7- Write into partition table (to me this filter is better than direct disk access used by other HIPS, as direct disk access is very common with legit applications, giving rise to unnecessary popups).
8- Rapidly read text files
9- Rapidly connect to hosts
10- Create Windows user account
11- It has child-parent control, not complex like SSM and PS; it's based upon trusted and non-trusted applications, which gives rise to far fewer popups compared to other HIPS.
12- Three different pre-defined (a bit configurable) policies: Trusted, Untrusted, Restricted
13- Right-click option to mark the static executables as trusted, restricted or untrusted, or to quarantine them.
14- Counting bad behaviour of an executable and giving an option to quarantine it.

Some features are present in other HIPS also but implemented a bit differently.

Take care

I am still learning NG and have not used other HIPS so extensively as NG, SSM free and EQS, so feel free to correct me anywhere.

There are a couple of things that I wish Neoava Guard could do, or, if it can be done, things I wish I knew how to do. Does the latest build of NG offer service protection? Also, with Autoruns I am able to enable and disable autorun entries. Is this normal? Finally, what are the chances NG will add the option to 'restart if terminated,' a la SSM?

1- Detection of making an exact copy of itself (this feature catches most, if not all, worms even after their execution).
2- Overwriting executables
3- Deleting files rapidly
4- Creating executables
5- Sandboxing/dropping the rights feature (child executables created by the browser are treated as untrusted)
6- Reading Windows address book
7- Write into partition table (to me this filter is better than direct disk access used by other HIPS, as direct disk access is very common with legit applications, giving rise to unnecessary popups).
8- Rapidly read text files
9- Rapidly connect to hosts
10- Create Windows user account
11- It has child-parent control, not complex like SSM and PS; it's based upon trusted and non-trusted applications, which gives rise to far fewer popups compared to other HIPS.
12- Three different pre-defined (a bit configurable) policies: Trusted, Untrusted, Restricted
13- Right-click option to mark the static executables as trusted, restricted or untrusted, or to quarantine them.
14- Counting bad behaviour of an executable and giving an option to quarantine it.

Some features are present in other HIPS also but implemented a bit differently.

Take care

I am still learning NG and have not used other HIPS so extensively as NG, SSM free and EQS, so feel free to correct me anywhere.

That looks very nice. NG feels like a "smart" classical HIPS. I'm not very keen on classical HIPS, but NG seems to be worth a closer look.
Thanks

I am just referring to Autoruns as the program I use to activate and deactivate services. I do get prompted when I launch the exe but not when I try and deactivate programs that launch as services, such as LnS and VBA32. I am prompted when I try and reactivate them. But with NG these services can be deactivated, and thus effectively disabled, without ever being prompted. Again, all this was done with Autoruns.

I decided to try it one more time, and guess what, all of a sudden it works just perfectly on my home PC, I'm very excited. I now feel a bit safer.

So I guess it's a matter of configuring it the best way possible to avoid any conflicts, and perhaps there are fewer stability bugs in NG than I first thought. At the moment it's running just fine together with SSM, ZAP, CMG and Sandboxie. I'm not sure why it won't work on my PC at work. Of course it's not mature yet, there are a couple of things that work a bit unhandy, and are not really clear. But hopefully these things will be fixed and improved. But it does work correctly, it's really blocking stuff.

@ n8chavez

I do get to see an alert when I try to disable services via Autoruns, so there must be something wrong on your machine. See pic: